At the end of February, we reported on a large phishing attack that hit users of the NFT platform OpenSea. Seventeen victims lost 250 NFTs, worth approximately $2 million. The attackers were aware of a scheduled update. They knew that the company would be sending out emails with instructions on how to handle the process. Therefore, the attackers prepared fake emails and websites of their own.
These phishing emails, with links to fake OpenSea webpages, have continued making the rounds — albeit with variations and alternative “reasons” for the email and log-in need. As seen in the email above, users are receiving fake notifications that their NFT has been purchased, or that an offer has been made.
However, when the would-be victim clicks the phishing link and is taken to the fake webpage, they are confronting with supposed “connection” problems. Due to this, the user is asked to submit personal details in order to access their account. If the would-be victim does so, the scammers will now have full access to your OpenSea account.
Seventeen victims lost $2 million due to phishing emails such as these — don’t become the 18th! Head over for here some handy tips when it comes to NFT security.
How to Protect Yourself
- Double-check the sender’s mobile number/email address.
- Free gifts or prizes are always a major red flag.
- Turn to the bank’s official website to confirm any details regarding your benefit payments.
- NEVER click links or attachments from unknown sources. Use Trend Micro ScamCheck to detect scams with ease!
ScamCheck is an all-in-one browser extension for detecting scams, phishing attacks, malware, and dangerous links – and it’s FREE!
After you’ve pinned ScamCheck, it will block dangerous sites automatically! It’s available on Safari, Google Chrome, and Microsoft Edge.
Check out this page for more information on ScamCheck.